openSUSE Security Update: mysql security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0731-1 Rating: important References: #557669 #567977 #607466 #609551 #637499 Cross-References: CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850 CVE-2010-3677 CVE-2010-3678 CVE-2010-3681 CVE-2010-3682 CVE-2010-3683 Affected Products: openSUSE 11.1 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: - local users could delete data files for tables of other users (CVE-2010-1626). - authenticated users could gather information for tables they should not have access to (CVE-2010-1849) - authenticated users could crash mysqld (CVE-2010-1848) - authenticated users could potentially execute arbitrary code as the user running mysqld (CVE-2010-1850) - authenticated users could crash mysqld (CVE-2010-3677, CVE-2010-3678, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.1: zypper in -t patch libmysqlclient-devel-3232 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.1 (i586 ppc x86_64): libmysqlclient-devel-5.0.67-12.18.1 libmysqlclient15-5.0.67-12.18.1 libmysqlclient_r15-5.0.67-12.18.1 mysql-5.0.67-12.18.1 mysql-Max-5.0.67-12.18.1 mysql-bench-5.0.67-12.18.1 mysql-client-5.0.67-12.18.1 mysql-debug-5.0.67-12.18.1 mysql-test-5.0.67-12.18.1 mysql-tools-5.0.67-12.18.1 - openSUSE 11.1 (x86_64): libmysqlclient15-32bit-5.0.67-12.18.1 libmysqlclient_r15-32bit-5.0.67-12.18.1 - openSUSE 11.1 (ppc): libmysqlclient15-64bit-5.0.67-12.18.1 libmysqlclient_r15-64bit-5.0.67-12.18.1 References: http://support.novell.com/security/cve/CVE-2010-1626.html http://support.novell.com/security/cve/CVE-2010-1848.html http://support.novell.com/security/cve/CVE-2010-1849.html http://support.novell.com/security/cve/CVE-2010-1850.html http://support.novell.com/security/cve/CVE-2010-3677.html http://support.novell.com/security/cve/CVE-2010-3678.html http://support.novell.com/security/cve/CVE-2010-3681.html http://support.novell.com/security/cve/CVE-2010-3682.html http://support.novell.com/security/cve/CVE-2010-3683.html https://bugzilla.novell.com/557669 https://bugzilla.novell.com/567977 https://bugzilla.novell.com/607466 https://bugzilla.novell.com/609551 https://bugzilla.novell.com/637499